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Period for Reply 

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- if the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1)S Responsive to communication(s) filed on 13 October 2004 . 
2a)K This action is FINAL. 2b)D This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1 935 CD. 11, 453 O.G. 21 3. 

Disposition of Claims 

4) S Claim(s) 1-33 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) [EI Claim(s) 1-13. 16.17.24-28 and 30-33 is/are allowed. 

6) 13 Claim(s) 14.15.18-23 and 29 is/are rejected. 

7) D Claim(s) is/are objected to. 

8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) D The specification is objected to by the Examiner. 

10) Q The drawing(s) filed on is/are: a)D accepted or b)Q objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a). 
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 

1 1) D The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 

Priority under 35 U.S.C. § 119 

12) D Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f). 
a)D All b)Q Some * c)Q None of: 

1 0 Certified copies of the priority documents have been received. 

2. Q Certified copies of the priority documents have been received in Application No. . 

3. Q Copies of the certified copies of the priority documents have been received in this National Stage 

application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 
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DETAILED ACTION 

Allowable Subject Matter 

Claims 1-13, 16-17, 24-28, and 30-33 are allowed. 

Response to Arguments 

Applicant's arguments, see amendment filed October 13, 2004, with respect to 
encapsulating packets only after determining a network address translation or protocol 
conversion is occurring on the packets being transmitted between two computers have 
been fully considered and are persuasive. The rejection of claims 1-13, and 16-17 has 
been withdrawn. 

Applicant's arguments filed October 13, 2004 have been fully considered but they 
are not persuasive in view of claims 14-15,1 8-23 and 29. 

In response to applicant's argument that the reference fails to show certain 
features of applicant's invention, it is noted that the features upon which applicant relies 
(i.e., encapsulating packets only after determining a network address translation or 
protocol conversion is occurring on the packets being transmitted between two 
computers) are not recited in the rejected claim(s). Although the claims are interpreted 
in light of the specification, limitations from the specification are not read into the claims. 
See In re Van Geuns, 988 F.2d 1181, 26 USPQ2d 1057 (Fed. Cir. 1993). 
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With respect to claims 14-15, and 18-23, none of the claims recite the feature 
relied on by applicant and no other distinctions were provided in applicant's arguments 
for the above claims. Therefore the claims 14-15 and 18-23 are still rejected. 

With respect to claim 29, applicant argues the claim focuses solely on the actions 
of the second computer which are receiving encapsulated packets, decapsulating the 
packets and recovering the data. Claim 29 as presently written and argued do not recite 
any clear distinction over the prior art of record (Nessett, US 6,055,236). Therefore, 
claim 29 would have been rejected if presented in the earlier application as shown 
below. 

Claim Rejections - 35 USC § 102 

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in a patent granted on an application for patent by another filed in the 
United States before the invention thereof by the applicant for patent, or on an international application 
by another who has fulfilled the requirements of paragraphs (1), (2), and (4) of section 371 (c) of this 
title before the invention thereof by the applicant for patent. 

The changes made to 35 U.S.C. 102(e) by the American Inventors Protection Act 
of 1999 (AIPA) and the Intellectual Property and High Technology Technical 
Amendments Act of 2002 do not apply when the reference is a U.S. patent resulting 
directly or indirectly from an international application filed before November 29, 2000. 
Therefore, the prior art date of the reference is determined under 35 U.S.C. 102(e) prior 
to the amendment by the AIPA (pre-AlPA 35 U.S.C. 102(e)). 



Application/Control Number: 09/333,829 Page 4 

Art Unit: 2137 

Claims 14-15, 18-23 and 29 are rejected under 35 U.S.C. 102(e) as being 
anticipated by U.S. patent 6,055,236 granted to Nessett et al. 

Regarding claim 14, Nessett meets the claimed limitations as follows: 
"A method for tunnelling packets between a first computer device and a second 
computer device through a packet-switched data transmission network comprising 
intermediate computer devices, in which data transmission network there exists a 
security protocol comprising a key management connection that employs a specific 
packet format for key management packets, the method comprising the steps of: 

encapsulating data packets that are not key management packets into said 
specific packet format for key management packets, 

transmitting said data packets encapsulated into the specific packet format from 
the first computer device to the second computer device, 

discriminating at the second computer device the data packets encapsulated into 
the specific packet format from actual key management packets and 

decapsulating the data packets encapsulated into the specific packet format." 
see column 7, lines 8-33; column 13, line 32 to column 38, line 15 and Figure 1. 

Regarding claim 15, Nessett meets the claimed limitations as follows: 
"A method according to claim 14, wherein the step of encapsulating data packets that 
are not key management packets comprises the substeps of: 

encapsulating data packets that are not key management packets into a key 
management packet format specified by the Internet Key Exchange protocol which 
defines a certain Initiator Cookie field and 
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inserting into the Initiator Cookie field of an encapsulated data packet a value 
indicating that the encapsulated packet is a data packet and not a key management 
packet." see column 32, line 1 1 to column 33, line 39. 

Regarding claim 18, Nessett meets the claimed limitations as follows: 
"A method for securely communicating packets between a first computer device and a 
second computer device through a packet-switched data transmission network 
comprising intermediate computer devices, where: 

at least one of said computer devices performs a network address translation 
and/or a protocol conversion; 

and wherein a security protocol is acknowledged which determines 
transport-mode processing of packets for transmission and reception; 

and where a high-level protocol checksum has been determined for checking the 
integrity of received packets, the method comprising the steps of: 

at the first computer device, performing transport-mode processing for packets to 
be transmitted to the second computer device, 

at the second computer device, performing transport-mode processing for 
packets received from the first computer device, said transport-mode processing 
comprising the decapsulation of received packets and 

at the second computer device, updating the high-level protocol checksum for 
decapsulated packets for compensating for changes, if any, caused by network address 
translations." see column 7, lines 8-33; column 13, line 32 to column 38, line 15 and 
Figure 1 . 
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Regarding claim 19, Nessett meets the claimed limitations as follows: 
"A method according to claim 18, wherein the step of performing transport-mode 
processing at the first computer device for packets transmitted to the second computer 
device takes the form of performing transport-mode processing as determined in the 
IPSEC protocol suite, and the step of performing transport-mode processing at the 
second computer device for packets received from the first computer device takes the 
form of performing transport-mode processing as determined in the IPSEC protocol 
suite." see column 21, line 1 to column 26, line 35. 

Regarding claim 20, Nessett meets the claimed limitations as follows: 
"A method according to claim 18, additionally comprising the steps of: 
at the first computer device, after performing transport-mode processing for a packet to 
be transmitted to the second computer device, encapsulating the processed packet into 
a packet conforming to a certain second protocol, which second protocol is capable of 
traversing network address translations and 

at the second computer device, before performing transport-mode processing for a 
packet received from the first computer device, decapsulating the received packet from 
the packet conforming to said second protocol and replacing a number of network 
addresses in the decapsulated packet with a corresponding number of network 
addresses taken from the received packet before decapsulation." see column 21, line 1 
to column 26, line 35. 

Regarding claim 21, Nessett meets the claimed limitations as follows: 
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"A method according to claim 18, wherein the step of updating the high-level protocol 
checksum takes the form of recomputing the checksum for the 
transport-mode-processed packets." see column 23, lines 3-45. 

Regarding claim 22, Nessett meets the claimed limitations as follows: 
"A method according to claim 18, wherein the method additionally comprises the step of 
obtaining information about the network addresses of the first and second computer 
devices before and after network address translations, and the step of updating the 
high-level protocol checksum takes the form of incrementally updating the checksum 
based on the obtained information about the network addresses of the first and second 
computer devices before and after network address translations. " see column 21 , line 1 
to column 26, line 35. 

Regarding claim 23, Nessett meets the claimed limitations as follows: 
"A method for maintaining the unchanged form of address translations performed by 
network address translation devices on encapsulated actual data packets transmitted 
with certain address information between a first computer device and a second 
computer device through a packet-switched data transmission network, the method 
comprising the step of: 

forcing at least one of the first computer device and the second computer device to 
transmit to the other computer device keepalive packets with address information 
identical to that of actual data packets at a high enough frequency so that network 
address translation devices constantly reuse the mappings used for network address 
translation even when a certain fraction of the packets communicated between 
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the first computer device and the second computer device are lost in the network." see 
column 7, lines 8-33; column 13, line 32 to column 38, line 15 and Figure 1. 

Regarding claim 29, Nessett meets the claimed limitations as follows: 
"A method for receiving data transmitted in tunneled, secure packets sent from a first 
computer device to a second computer device through a packet-switched data 
transmission network comprising intermediate computer devices, where at least one of 
said intermediate computer devices may perform a network address translation or a 
protocol conversion resulting in alteration of a packet propagating therethrough, and 
wherein said tunneled, secure packets comprise packets of a first secure protocol 
encapsulated in packets of a second protocol which can pass through network address 
translations or protocol conversions, the method comprising the steps of: 

- decapsulating packets received from said first computer device and conforming to said 
second protocol to recover packets conforming to said first protocol; and 

- using said first secure protocol to recover data transmitted in said first secure protocol 
packets." see column 7, lines 8-33; column 13, line 32 to column 38, line 15 and Figures 
1, 14 and 20. 

Conclusion 

This is a Request for Continued Examination of applicant's earlier Application No. 
09/333,829. All claims are drawn to the same invention claimed in the earlier 
application and could have been finally rejected on the grounds and art of record in the 
next Office action if they had been entered in the earlier application. Accordingly, THIS 
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ACTION IS MADE FINAL even though it is a first action in this case. See MPEP 
§ 706.07(b). Applicant is reminded of the extension of time policy as set forth in 37 
CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1 .136(a) will be calculated from the mailing date of 
the advisory action. In no, however, event will the statutory period for reply expire later 
than SIX MONTHS from the mailing date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Matthew B Smithers whose telephone number is (571) 
272-3876. The examiner can normally be reached on Monday-Friday (8:00-4:30) EST. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Andrew T Caldwell can be reached on (571 ) 272-3868. The fax phone 
number for the organization where this application or proceeding is assigned is 703- 
872-9306. 
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Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 
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